Amazon Connect SSO integration with ServiceNow
Single Sign-On (SSO) integration between Amazon Connect and ServiceNow eliminates duplicate authentication by using a shared identity provider (IdP) to authenticate agents automatically when they open the Amazon Connect softphone.
Amazon Connect SSO integration overview
When an agent authenticates into ServiceNow via configured IdP, an active IdP session is established. Opening the softphone forwards the SSO Login URL fromServiceNow to Amazon Connect, which initiates authentication. The IdP completes the SAML 2.0 flow using the existing session, and the Amazon Connect softphone loads without requiring any additional agent action.
If the SSO Login URL field is empty, the system falls back to standard Amazon Connect authentication. No custom code is required. The SSO capability is provided by the Streams API library, which is part of Amazon Connect, and works for both the standard Contact Control Panel (CCP) and the Interaction Controls Component (ICC) enabled voice controls.
For more information about Single Sign-On (SSO) configuration for ServiceNow Voice, see the Single Sign-On configuration for ServiceNow Voice with Amazon Connect [KB3025173] article in the HI Knowledge Base.
Benefits of the SSO authentication
- Duplicate authentication
- Agents can avoid authenticating twice, for ServiceNow and for Amazon Connect, even with both systems using the same IdP.
- Disruptive login popups
- Without the SSO integration, the Amazon Connect opens an authentication pop-up, creating an inconsistent agent experience.
SSO configuration sequence
The configuration steps are:
- ServiceNow: Install the SSO plugin and configure Okta as the IdP.
- IdP: example Okta Create a user and add the Amazon Web Services SAML application.
- Amazon Connect: Enable SAML federation and configure the IAM role and IdP.
- IdP: example Okta Retrieve the IdP-initiated SAML SSO Login URL.
- ServiceNow: Paste the SSO Login URL into the SSO Login URL field on the Amazon Connect instance record.
The login parameter is generally the user email that must be mapped to the user name. Here's an example of how SSO is configured in Amazon Connect.
The following screen captures show the user identity fields across all three applications.